
Juniper SSG Firewall Log Analysis app doesn't work

arabgol
New Member

Hello,
How can I add this app to Splunk? When I add it to Splunk and copy the extracted folder "Juniper SSG Firewall Log Analysis" to $splunk/etc/app, it doesn't show me anything in the dashboard.
Please help me.

0 Karma

adigrio
Path Finder

As jkat54 mentioned, the Splunk Add-on for Juniper is required in order to create the Splunk parsers for Juniper logs. In addition to that, make sure that you run the setup for the Firegen for Juniper app (it should launch automatically when you use it for the first time). During the setup you have to specify or confirm the index used to collect the Juniper logs. For example, if you collect your logs through an index called "ssg", the setup page should look like this:

[screenshot]

This setting configures the ssg_index macro used by the analyzer app. If the app still doesn't show any stats after you configure the index, make sure that indeed you do have log entries for the time interval that you are trying to analyze. Open a regular search box and just enter the index and the time interval. The search should return the Juniper entries. Confirm that the entries contain fields such as src, dst, action, service, dst_port, sent and rcvd:

[screenshot]

If the fields are not present then it's possible that the Splunk Add-on for Juniper is not installed properly or the log entries are not in the format expected by the add-on. Post a screenshot with the extracted fields if that's the case so we can take a look.

0 Karma
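
One way to run the field check described in the answer above over a whole time range, as an added example that is not part of the original posts. It assumes the index is named ssg, as in the answer's example, and uses a 24-hour window as a sample value.

```spl
index=ssg earliest=-24h latest=now
| stats count AS events,
        count(src) AS src,
        count(dst) AS dst,
        count(action) AS action,
        count(service) AS service,
        count(dst_port) AS dst_port,
        count(sent) AS sent,
        count(rcvd) AS rcvd
        BY sourcetype
```

Each column counts the events in which that field was extracted, so a row whose field columns are 0 while events is non-zero means the logs are indexed but the add-on's extractions are not being applied to that sourcetype.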

jkat54
SplunkTrust

The app requires the Splunk Add-On for Juniper (https://splunkbase.splunk.com/app/2847) in order to create the required sourcetypes.

Do you have the add-on installed too?

0 Karma